Accounting Internal Controls

You are here: Home / Internal Controls / Understanding the COSO Control Objectives

Understanding the COSO Control Objectives

by

COSO objectives refer to the goals of a company. Which fall into three categories:

  1. Operations
  2. Reporting
  3. Compliance

Management designs, implements, and monitors internal controls to meet company objectives (goals). Each internal control put into place falls under one of these three objectives. Let’s take a look at each objective to determine which type of control would help an organization meet the objectives.

COSO Objectives of Internal Control
Internal Control—Integrated Framework (Framework), © [2013] Committee of Sponsoring Organizations of the Treadway Commission (COSO). All rights reserved. Used with permission.

Operations Objective

Operations objectives refer to the entity’s business processes, goals, and protection of assets.

Processes and procedures are relied on to ensure that business practices are upheld, work is performed efficiently and effectively, steps in the process are not skipped, and employees are protected.

Sales, production, and other goals are tracked and measured to ensure that performance standards are met.

Assets belonging to the company are maintained, tracked, and used for Company purposes.

Operations Objective Failure Example:

OSHA fined employers for not adequately protecting their employees and putting them at risk for death, dismemberment, or injury. The top 10 OSHA fines for 2020 involved various industries such as manufacturing, trucking, roofing, retail, power plant, waste management, and food processing. The costliest OSHA penalty in 2020 was over $2 million. Accidents cost individuals their lives in some instances and caused severe harm in others. The incidents cost businesses hefty fines, bad press, legal fees, and a significant amount of time spent on legal matters.

Reporting Objective

Reporting objectives refer to the reliability of both external and internal financial and non-financial reporting.

Management is responsible for preparing the financial statements to present to the Board of Directors, investors, creditors, and other users of the financial statements.  Management must present the financial statements fairly and accurately in accordance with GAAP or IFRS accounting frameworks.  There needs to be a system to ensure that the data presented in the financial statements are accurate and reliable.

Additionally, non-financial reporting needs to be verified to ensure that numbers relied on are accurate. These numbers vary depending on the industry but include things such as the number of customers, # of goods produced, customer wait time, and web page downtime. While not reported to the public, Management relies heavily on different metrics in the company to make sound business decisions. The numbers that those decisions are being made on need to be reliable.

Misreporting financial numbers can be costly, requiring restitution, fines, and potentially jail time.

Reporting Objective Failure Example:

Zsa Zsa Bouvier Couch in Montgomery, Alabama, was arrested for submitting multiple applications for relief funds, falsifying her number of employees, inflating payroll expenses, and falsifying tax documents. While not convicted yet, she faces a maximum of 30 years in jail, fines, and repayment of fraudulently secured funds.

Compliance Objective

Compliance objectives refer to the laws and regulations that an entity is subject to.

Management ensures that the organization follows all state, local, federal, and industry-specific laws and regulations Compliance can range from closely related areas to Accounting, such as payroll laws, tax codes, banking requirements, and grant requirements for not-for-profit entities. However, they can go into other areas such as labor laws and environmental protection. Staying on top of the changing landscape of compliance is necessary to continue to operate a business.

Publicly traded companies and other highly regulated businesses have compliance teams that stay on top of these requirements. Being in non-compliance causes financial issues, damages an organization’s reputation, and can suspend operations.

Forgetting to file proper documentation or remain up to health and safety standards can be detrimental to a business.

Compliance Objective Failure Example:

The University of Alaska Anchorage (UAA) did not meet the new Council for the Accreditation of Educator Preparation (CAEP) accreditation standard. Causing their bachelor’s degrees in early childhood education, elementary education, and secondary education, and the master’s degree program in secondary education programs to become unaccredited. UAA put students in jeopardy of not being able to become certified teachers and not being able to find jobs in their chosen career field. The University received lots of bad press, and students started pulling out of school to move to accredited programs.

Conclusion

COSO objectives refer to the company’s goals. These objectives are broken into three areas operations, reporting, and compliance.

Management must have a vision for the company’s objectives they want to achieve before designing the internal control system. The five components of internal control help the entity achieve its objectives.

You can find additional information about the COSO cube and internal control framework here.